author | Martin Babinsky <mbabinsk@redhat.com> | 2015-06-23 13:42:01 +0200 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-07-02 14:43:44 +0000 |
commit | 76eea85701af80dc972c47e14aecc7a688b9c846 (patch) | |
tree | 00b7cbb9a64c6bf3dea2a905ae22fc88c97a3553 /ipalib/plugins/user.py | |
parent | 53b11b611766d79015e17298f2354b7688437e20 (diff) | |
new commands to manage user/host/service certificates
A new group of commands is introduced that simplifies adding and removing
binary certificates to entries. A general form of the command is
ipa [user/host/service]-[add/remove]-cert [pkey] --certificate=[BASE64 BLOB]
Part of http://www.freeipa.org/page/V4/User_Certificates and
https://fedorahosted.org/freeipa/ticket/4238
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipalib/plugins/user.py')
-rw-r--r-- | ipalib/plugins/user.py | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index bc6989cce..9bd7bf7e5 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -1001,3 +1001,55 @@ class user_status(LDAPQuery):
 summary=unicode(_('Account disabled: %(disabled)s' %
 dict(disabled=disabled))),
 )
+
+
+@register()
+class user_add_cert(LDAPAddAttribute):
+ __doc__ = _('Add one or more certificates to the user entry')
+ msg_summary = _('Added certificates to user "%(value)s"')
+ attribute = 'usercertificate'
+
+ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys,
+ **options):
+ assert isinstance(dn, DN)
+
+ new_attr_name = '%s;binary' % self.attribute
+ if self.attribute in entry_attrs:
+ entry_attrs[new_attr_name] = entry_attrs.pop(self.attribute)
+
+ return dn
+
+ def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+ assert isinstance(dn, DN)
+
+ old_attr_name = '%s;binary' % self.attribute
+ if old_attr_name in entry_attrs:
+ entry_attrs[self.attribute] = entry_attrs.pop(old_attr_name)
+
+ return dn
+
+
+@register()
+class user_remove_cert(LDAPRemoveAttribute):
+ __doc__ = _('Remove one or more certificates to the user entry')
+ msg_summary = _('Removed certificates from user "%(value)s"')
+ attribute = 'usercertificate'
+
+ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys,
+ **options):
+ assert isinstance(dn, DN)
+
+ new_attr_name = '%s;binary' % self.attribute
+ if self.attribute in entry_attrs:
+ entry_attrs[new_attr_name] = entry_attrs.pop(self.attribute)
+
+ return dn
+
+ def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+ assert isinstance(dn, DN)
+
+ old_attr_name = '%s;binary' % self.attribute
+ if old_attr_name in entry_attrs:
+ entry_attrs[self.attribute] = entry_attrs.pop(old_attr_name)
+
+ return dn |
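Review bot: The help text of `user_remove_cert` says certificates are removed "to the user entry"; since `__doc__` is what the CLI shows, it should read `__doc__ = _('Remove one or more certificates from the user entry')`. The `pre_callback`/`post_callback` pairs in `user_add_cert` and `user_remove_cert` are identical and only rename `usercertificate` to and from `usercertificate;binary`, so a shared mixin carrying a one-line comment on why the `;binary` option is needed would keep the two commands from drifting apart. Nothing in this hunk checks that the submitted value parses as an X.509 certificate or limits who may attach one; presumably that is handled by the parameter definition and by ACIs outside this file (the diffstat is limited to `user.py`), and it is worth confirming. That matters because a certificate stored on a user entry may be honoured as a credential wherever certificate-based login is mapped to `usercertificate`, so the add and remove paths deserve the same access control and audit logging as a password change.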